A lot of our security awareness training is centred around phishing, and for good reason - it's still true that around 90% of breaches happen due to human error. But what if the attacker didn’t need to trick you at all? What if they could just slip into the conversation?

Amongst all the talk of data breaches and cyber threats, you might not have heard about Man-in-the-Middle (MitM) and Adversary-in-the-Middle (AiTM) attacks. These attacks don’t just rely on you clicking the wrong link; they work by intercepting your communications, often without you ever knowing. And as phishing evolves, so do the tactics that attackers use to stay one step ahead.

What Is a Man-in-the-Middle (MitM) Attack?

A MitM attack occurs when a hacker inserts themselves between two parties, such as you and your bank, without either being aware. The attacker can eavesdrop, steal login credentials, or alter data in real time. This often happens on unsecured public Wi-Fi networks or through compromised devices.

What Is an Adversary-in-the-Middle (AiTM) Attack?

AiTM attacks take MitM to the next level. They often use phishing emails to lure users to fake login pages that look identical to legitimate ones. When a user enters their credentials and MFA code, the attacker captures both and can hijack the session, gaining full access to the account, even if MFA is enabled.  

These attacks are used in business email compromise (BEC) schemes, where attackers impersonate executives or vendors to trick employees into transferring funds or sensitive data.

Did you know we have a bite-sized course on MitM and AiTM? Contact us to preview it now.

How to Protect Yourself

  • Enable MFA: MFA adds an extra layer of security.
  • Verify URLs: Always check the website's URL before entering credentials or information.
  • Be cautious with emails: Don't click on suspicious links or attachments - scan for S.C.A.M.
  • Use secure networks: Avoid logging into sensitive accounts over public Wi-Fi.
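
To make "Verify URLs" concrete, here is an added example (not part of the original article) of the check a careful reader performs by eye: the host the browser will actually connect to must exactly match a known sign-in host. The allowlist and all sample hosts are constructed, using reserved `.example` and `.test` names.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): the exact hosts where users really sign in.
TRUSTED_LOGIN_HOSTS = {"login.bank.example", "sso.corp.example"}


def check_login_url(url, trusted=frozenset(TRUSTED_LOGIN_HOSTS)):
    """Return (ok, reason) for a URL someone is about to enter credentials into."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if has_userinfo:
        # In https://trusted@other.test/ the browser connects to other.test.
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised host, possible lookalike characters"
    if host in trusted:
        return True, "exact match with a trusted login host"
    for good in trusted:
        if good in host:
            # The familiar name appears, but the real domain is whatever follows it.
            return False, "trusted name embedded in a different host"
    return False, "host is not a trusted login host"


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://login.bank.example/signin",
        "https://login.bank.example.account-verify.test/signin",
        "https://login.bank.example@portal.test/signin",
        "http://login.bank.example/signin",
        "https://login.xn--bnk-5cd.example/signin",
    ]
    for sample in samples:
        print(check_login_url(sample), sample)
```

Only the first sample passes; each of the others looks familiar at a glance but fails for a different reason.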

MitM and AiTM attacks highlight just how critical it is to keep good cyber hygiene and to stay aware of your surroundings. While MitM attacks often exploit unsecured networks or outdated systems to intercept data, AiTM attacks go a step further, bypassing even trusted protections like MFA. Both rely on users letting their guard down, momentarily or while busy or distracted.

The good news is that a little awareness can go a long way. By being aware that this kind of attack exists, and by following simple security practices that educate and empower you and your organisation, like verifying URLs, using secure connections, and being cautious with unexpected emails, we can prevent attackers from slipping into the middle.